Over the past few years exploit kits have been widely adopted by criminals looking to infect users with malware. They are used in a process known as a drive-by download, which invisibly directs a user’s browser to a malicious website that hosts an exploit kit.
The exploit kit then proceeds to exploit security holes, known as vulnerabilities, in order to infect the user with malware. The entire process can occur completely invisibly, requiring no user action.
In this research article we will take a closer look at one of the more notorious exploit kits used to facilitate drive-by downloads – a kit known as Angler exploit kit (Angler hereafter).
Last week, we mentioned that application control is now available as part of a Sophos Cloud public beta. The beta also introduces a new next-generation endpoint protection feature called download reputation.
While it may not sound flashy, download reputation is an important step forward in protecting users from advanced threats, like zero-day malware designed to evade traditional antivirus defenses.
Download reputation crowdsources threat intelligence by drawing on the experience of our global customer base to help determine a file’s reputation. In other words, every user with download reputation enabled helps contribute to the collective security of our customers.
Let’s take a look at how download reputation works.
These days, every company knows that having its website appear at the top of Google’s results for relevant keyword searches makes a big difference in traffic and helps the business. Numerous search engine optimization (SEO) techniques have existed for years and provided marketers with ways to climb up the PageRank ladder.
In a nutshell, to be popular with Google, your website has to provide content relevant to specific search keywords and also to be linked to by a high number of reputable and relevant sites. (These act as recommendations, and are rather confusingly known as “back links,” even though it’s not your site that is doing the linking.)
Google’s algorithms are much more complex than this simple description, but most of the optimization techniques still revolve around those two goals. Many of the optimization techniques that are being used are legitimate, ethical and approved by Google and other search providers. But there are also other, and at times more effective, tricks that rely on various forms of internet abuse, with attempts to fool Google’s algorithms through forgery, spam and even hacking.
Europe’s biggest security event is upon us. If you’re attending Infosecurity Europe 2015, we hope you’ll join us at stand D260 to check out our great products, grab one of our cool giveaways, and see entertaining presentations from our respected experts.
One of our top experts will also be featured on the keynote stage, where James Lyne, Sophos global head of security research, will show you live attack demonstrations in his talk “How to Hack an Enterprise: Exploitation for Beginners.” James is also a member of the advisory board for the Intelligent Defence technical research conference taking place alongside Infosec.
The theme of Infosec this year is “Intelligent Security: Protect. Detect. Respond. Recover.” We agree that security should be intelligent – that’s why Sophos products are designed to prevent attacks based on suspicious behaviors, and detect and isolate infections when they do happen.
SophosLabs tracks huge volumes of spam from around the world, and once in a while we pause to take a look at the countries sending the most spam – we call it our Dirty Dozen Spampionship.
In the results for the most recent quarter (January, February and March 2015), we found that the biggest spam-relaying country in the world is the United States, once again. Vietnam has climbed to number two, followed by Ukraine, Russia, South Korea and China, which round out the top six.
Check out the rest of the list and you’ll see some familiar places and some countries that come and go from the Dirty Dozen:
If you couldn’t make it to San Francisco for RSA Conference, we’re bringing you great content and news from the event on our blogs and social media channels.
We also broadcast from RSA via podcast – bringing you the expert opinions of our top security gurus, who took time away from their presentations and booth talks to reflect on the interesting themes and serious discussions happening at the conference.
There’s so much going on in the security world, and Sophos experts cut through the noise succinctly and intelligently in our (brief, informative, fun) podcasts.
IT professionals, security vendors, and the media all converge at RSA Conference 2015 in San Francisco the week of April 20-24th, where Sophos is well represented by our security experts and our great staff.
We’re presenting some new research at the show, so you won’t want to miss our live demonstrations. We’re also sharing all the news from RSA on social media, providing in-depth coverage on Naked Security, and podcasting from the event!
What are we talking about at RSA? Here’s a rundown of the big topics Sophos security experts are exploring.